Vulnerability Remediation Engineer

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider headquartered in Dulles, Virginia with operations across the U.S. We provide innovative enterprise-wide solutions as well as targeted services addressing the complex challenges faced by our federal government clients. Our focus is on enabling our clients to deliver their mission most efficiently and effectively – anytime, anywhere, securely. We combine technical expertise, mission awareness, and an empowered workforce to produce meaningful results.

Join the SkyePoint team and become part of a highly skilled, professional workforce dedicated to delivering mission-critical solutions. Our exceptional technical experts provide innovative services and solutions to federal agencies, making a meaningful impact every day. At SkyePoint, we value top talent and foster an environment where your ideas and contributions truly matter. Be part of a team that values excellence and rewards innovation—your future starts here!

This is a contingent position based upon customer approval and funding. 

SkyePoint Decisions is seeking a Vulnerability Remediation Engineer for our customer. This person will prioritize and execute remediation actions across infrastructure and endpoints. Remediation Engineers not only create and track tickets, but they also have the skills, knowledge, and access to perform actual remediation themselves.

This position is onsite in Beltsville, MD.

Responsibilities:

Primary Function: 

• Serve as the critical liaison between security and IT operations teams to prioritize, coordinate, and execute vulnerability remediation actions across the global infrastructure 

Vulnerability Management & Prioritization: 

• Assess and prioritize Plans of Action and Milestones (POA&Ms) based on risk-based vulnerability management (RBVM) principles 
• Correlate vulnerability scan data from Tenable, Qualys, and iPost with threat intelligence and real-time asset context from Tanium 
• Analyze vulnerability data against business context from ServiceNow Configuration Management Database (CMDB) to determine mission impact 
• Apply Vulnerability Priority Rating (VPR) and TruRisk scoring methodologies to focus remediation efforts on highest-risk vulnerabilities 

Remediation Coordination & Execution: 

• Create, manage, and track remediation tickets in ServiceNow with comprehensive vulnerability details and recommended remediation steps 
• Negotiate patching windows and coordinate with IT operations teams, system owners, and Information Systems Security Officers (ISSOs) 
• Perform "hands-on keyboard" remediation of critical vulnerabilities when appropriate and within scope 
• Manage remediation exceptions and ensure Service Level Agreement (SLA) compliance (e.g., 7 days for critical vulnerabilities) 
• Coordinate emergency remediation actions for zero-day and actively exploited vulnerabilities 

Process Integration & Automation: 

• Collaborate with Security Automation Engineers to develop and refine vulnerability management playbooks in SOAR platforms 
• Work with Engineering team to integrate vulnerability data feeds with automated orchestration workflows 
• Support development of automated validation and closure processes for remediated vulnerabilities 
• Participate in continuous improvement initiatives to enhance remediation efficiency and reduce Mean Time to Remediate (MTTR) 

Stakeholder Communication & Reporting: 

• Serve as primary point of contact between technical teams and system/business owners 
• Provide regular status updates on remediation progress to ISSOs and management 
• Escalate persistent vulnerabilities and SLA violations through appropriate channels 
• Participate in Purple Team exercises and contribute remediation expertise to adversary emulation debriefs 
• Correlate scanner findings with Tanium and CMDB context to prioritize work 
• Create and manage ServiceNow tasks and changes 
• Execute patches and configuration changes; script at scale where appropriate 
• Trigger validation rescans and document evidence 
• Manage exceptions and risk acceptances per policy

Required Qualifications:

• High School diploma with 7 years of penetration testing and red teaming experience OR Bachelor's degree with 5 years of experience OR 4 years with a Master's degree
• Strong understanding of vulnerability management principles and risk-based prioritization methodologies 
• Hands-on experience with vulnerability scanning tools (Tenable Nessus/Security Center, Qualys VMDR preferred) 
• Proficiency with IT service management tools (ServiceNow experience strongly preferred) 
• Experience with endpoint management and configuration tools (Tanium experience preferred) 
• Knowledge of patch management processes across Windows, Linux, and network infrastructure 
• Understanding of NIST Risk Management Framework (RMF) and FISMA compliance requirements 
• Patch/change management experience in enterprise environments 
• Scripting ability (PowerShell/Python) 
• Ability to translate technical vulnerabilities into business risk language for diverse stakeholders 
• Proven ability to work effectively across organizational boundaries and coordinate complex remediation efforts 
• Strong analytical skills to prioritize competing remediation requirements and resolve complex technical issues 
• Meticulous approach to tracking vulnerabilities, managing POA&Ms, and ensuring compliance 
• Ability to respond quickly to emerging threats and changing priorities in a dynamic environment 
• Must be a U.S. citizen
• Must have a current, active Secret clearance with the ability to obtain Top Secret 

Preferred Qualifications:

• Current industry certifications such as Security+, GCIH, CySA+, or CISSP 
• Experience in federal government or highly regulated environments 
• Familiarity with NIST SP 800-53 security controls and Assessment & Authorization (A&A) processes 
• Knowledge of MITRE ATT&CK framework and threat intelligence integration 
• Experience with automation and orchestration platforms (Splunk SOAR, Microsoft Sentinel Logic Apps) 
• Understanding of cloud security principles and Infrastructure-as-Code (IaC) security 
• Experience with network security appliances and configuration management 

What We Can Offer You:

• At SkyePoint, we go B.I.G. (beginning in GRATITUDE) by recognizing all we have and giving back to our employees, families, and communities. It instills a positive mindset that permeates all we do. By beginning in gratitude, SkyePoint can continue to spread living in gratitude each day.
• Great Benefits: Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, ST/LT Disability, Life Insurance, floating federal holiday options, and 401k matched
• Certificate Incentive Program: To promote professional development, we recognize and reward employees who obtain new certifications aligned with business needs.

• Flexible Work Environment

Compensation:

Salary Range: TBD

The SkyePoint Decisions salary range for this position is a general guideline only. It represents an estimated range for this position and is just one piece of our total compensation package. 

Salary at SkyePoint is determined by various factors, including but not limited to location, work schedule, the candidate’s combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability, market data and business considerations.

In addition to a competitive salary, SkyePoint offers benefits including a certification incentive program, PTO, floating federal holiday options, several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs], Flex Spending Accounts [FSAs], Full Dental Plans, Vision, ST/LT Disability, Life Insurance, and 401k matched.

SkyePoint Decisions is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development. We possess a common vision of excellence and foster a collaborative team culture built upon individual performance and accountability. We invest in our people and systems to create value for our clients. It is the SkyePoint Way. We are grateful for the opportunity to work with exceptional people and give back to the communities we serve. Our employees value the flexibility at SkyePoint that allows them to balance quality work and their personal lives.

Please be aware of recruiting scams and people claiming to be from SkyePoint Decisions. For more information, please see the Welcome Page of our Careers site.

Skyepoint Decisions is a participating E-Verify Employer. 

U.S. Citizenship is required for most positions.

Equal Opportunity Employer/Veterans/Disabled.